This is the mail archive of the cygwin-patches mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch] Allow to disable root privileges with CYGWIN=noroot


On Oct  6 22:15, Christian Franke wrote:
> Corinna Vinschen wrote:
>> ...and maybe it's time to create a cygwin_internal call which replaces
>> cygwin_set_impersonation_token and deprecate cygwin_set_impersonation_token
>> in the long run.  So, instead of the above we could have this call
>> taking a HANDLE and a BOOL value:
>>
>>   cygwin_internal (CW_SET_EXTERNAL_TOKEN, token_handle, restricted?);
>>
>>   
>
> OK.
>
> I have a very first experimental version which works for me. It also 
> requires a new flag 'cygheap->user.is_restricted_token' to tell 
> spawn_guts() to use CreateProcessAsUser().
>
> I will post the patch in a few days.
>
> A question:
>
> Why does seteuid32() call 'set_cygwin_privileges ()' on 'curr_imp_token' 
> and not on 'curr_primary_token' ? The curr_primary_token is used for 
> impersonation and therefore the privileges are not set for the thread 
> itself.

Oops.  Thanks for catching.  I applied a patch.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]